<?php
// by Mike O. (mides), coolcms.org
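// Resolve the page title for the requested section and reject anything that
// is not one of the two known sections.
//
// NOTE(review): $type is not assigned anywhere in this file and is read
// before sys.php is loaded; presumably the including script sets it. Confirm
// it can never be populated from request data (e.g. register_globals or an
// extract() of the request). Further down it is interpolated into SQL as a
// table name, so only the fixed values below are allowed through.
$type = isset($type) ? $type : null;
if ($type === 'chat') {
    $title = 'Мини-чат';
} elseif ($type === 'book') {
    $title = 'Гостевая книга';
} else {
    // Fail closed: an unknown section previously fell through with $title
    // undefined and $type unchecked. Strict comparison also avoids the loose
    // matching of switch() (integer 0 or true would have matched 'chat').
    if (!headers_sent()) {
        header('HTTP/1.1 404 Not Found');
    }
    exit;
}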
require_once '../includes/sys.php';
require_once '../includes/header.php';
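// Request dispatcher for the mini-chat / guest book page.
//
// Actions (selected by $act): default = paginated listing with post form,
// add = new message, reply = reply form + submit, edit = edit form + submit,
// del = delete a message and its `voting` rows.
//
// NOTE(review): $act, $ok, $page, $u, $config and $lang are not defined in
// this file; presumably sys.php provides them. $type is used as a table
// identifier in every query here, so it must already be limited to a fixed
// set of names before this point.
// NOTE(review): message text goes into SQL after check() only, and stored
// text / user names are echoed back (bb(), username(), the edit textarea)
// without escaping in this file. This is safe only if check() escapes for
// both SQL and HTML — confirm; if it does not, escape at each sink.
// NOTE(review): add/reply/edit accept POSTs and del acts on a plain GET link
// with no request-forgery token visible here. Confirm sys.php/access() adds
// one; otherwise state changes should require POST plus a per-session token.
switch ($act) {
    default:
        echo '<div class="title"><a href="?">'.$title.'</a></div><div class="body">';
        // Fixed: the original condition used `$type = 'book'` (assignment).
        // For guests that overwrote $type, so the chat page showed the form
        // and then listed the guest book table instead of the chat table.
        if ($u['id'] or ($type == 'book' and !$u['id'])) {
            echo '<form name="form" action="?act=add" method="post">'.bbpanel('form', 'text').'<textarea name="text" cols="" rows="3"></textarea>';
            if (!$u['id']) {
                // Guests must solve the image code; members skip it.
                echo '<img src="../images/code.php" alt="" /> провер. код:<br/>
<input name="code" maxlength="5" size="12" /><br />';
            }
            echo '<input name="" type="submit" value="Ok"></form>';
        }
        $total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM $type"), 0);
        if ($total > 0) {
            $perPage = (int) $config['onpage'];
            $pages = ceil($total / $config['onpage']);
            // Force an integer page and reset anything out of range; the
            // original only rejected 0, so a negative page produced a
            // negative LIMIT offset.
            $page = (int) $page;
            if ($page > $pages or $page < 1) {
                $page = 1;
            }
            $begin = ($page - 1) * $perPage;
            navig($page, '?', $pages);
            // LIMIT operands are cast so only integers reach the query text.
            $book_r = mysql_query("SELECT * FROM $type ORDER BY `time` DESC LIMIT ".(int) $begin.", ".$perPage);
            while ($book = mysql_fetch_assoc($book_r)) {
                // id_user 0 marks a guest post: no profile link.
                if ($book['id_user'] == 0) {
                    echo username($book['id_user'], 2);
                } else {
                    echo '<a href="../other/profile.php?id='.$book['id_user'].'">'.username($book['id_user'], 2).'</a> ';
                }
                echo ' '.ccdate($book['time'], $book['id_user']).' <a href="?act=reply&id='.$book['id'].'">'.$lang['re'].'</a>';
                // Edit link: any access level above 0, or the author while
                // the edit window is open (`and` binds tighter than `or`).
                if ($u['access'] > 0 or $u['id'] and $u['id'] == $book['id_user'] and time() - $book['time'] < $config['edit_time']) {
                    echo '|<a href="?act=edit&id='.$book['id'].'">'.$lang['edit'].'</a>';
                }
                if ($u['access'] > 1) {
                    echo '|<a href="?act=del&id='.$book['id'].'">Del</a>';
                }
                echo '<br />'.bb($book['text']);
                if ($book['edit_by']) {
                    echo '<br />_______<br /><span style="font-size: 10px;">'.$lang['edited_by'].': '.username($book['edit_by']).' ('.date('d.m.y, H:i', $book['edit_time']).' )</span>';
                }
                echo '<hr>';
            }
            navig($page, '?', $pages);
        } else {
            echo 'Пусто';
        }
        echo '</div>';
        break;

    case 'add':
        if ($u['id']) {
            // Logged-in member: only the anti-spam delay applies.
            if (!empty($_POST['text'])) {
                if (time() > $_SESSION['antispam']) {
                    $text = check($_POST['text']);
                    mysql_query("INSERT INTO $type SET `id_user` = '$u[id]', `text` = '$text', `time` = '".TIME."'");
                    $_SESSION['antispam'] = TIME + $config['antispam'];
                    redirect('?');
                } else {
                    error($lang['antispam'].' '.$config['antispam'].' sec');
                    nav('?');
                }
            } else {
                redirect('?');
            }
        } elseif (!$u['id'] and $type == 'book') {
            // Guest post, guest book only: text and image code are required.
            if (!empty($_POST['text']) and !empty($_POST['code'])) {
                $text = check($_POST['text']);
                $code = check($_POST['code']);
                // The issued code is read once and then discarded so one
                // solved challenge cannot be reused for further posts. The
                // comparison is strict and fails when no code was issued.
                $expected = isset($_SESSION['code']) ? (string) $_SESSION['code'] : '';
                unset($_SESSION['code']);
                if ($expected !== '' and $expected === (string) $code) {
                    if (TIME > $_SESSION['antispam']) {
                        mysql_query("INSERT INTO $type SET `text` = '$text', `time` = '".TIME."'");
                        $_SESSION['antispam'] = TIME + $config['antispam'];
                        redirect('?');
                    } else {
                        error($lang['antispam'].' '.$config['antispam'].' sec');
                        nav('?');
                    }
                } else {
                    error($lang['incorrect_code']);
                    nav('?');
                }
            } else {
                redirect('?');
            }
        } else {
            redirect('?');
        }
        break;

    case 'reply':
        $id = isset($_GET['id']) ? abs(intval($_GET['id'])) : 0;
        $msg_r = mysql_query("SELECT `id`, `id_user` FROM $type WHERE `id` = '$id'");
        $msg = mysql_fetch_assoc($msg_r);
        if ($msg['id']) {
            if (!empty($ok)) {
                // Form was submitted (ok=1 in the form action).
                if (TIME > $_SESSION['antispam']) {
                    if ($u['id']) {
                        if (!empty($_POST['text'])) {
                            $text = check($_POST['text']);
                            mysql_query("INSERT INTO $type SET `id_user` = '$u[id]', `text` = '$text', `time` = '".TIME."'");
                            $_SESSION['antispam'] = TIME + $config['antispam'];
                            redirect('?');
                        } else {
                            redirect('?act=reply&id='.$id);
                        }
                    } elseif (!$u['id'] and $type == 'book') {
                        if (!empty($_POST['text'])) {
                            $text = check($_POST['text']);
                            // Fixed: the original compared the session code
                            // loosely against abs(intval($_POST['code'])).
                            // A missing code became 0, and 0 == null (no
                            // challenge issued) is true, so the check could
                            // pass without any code. Now handled exactly as
                            // in the 'add' action: strict, single-use, and
                            // failing when either side is absent.
                            $code = isset($_POST['code']) ? check($_POST['code']) : '';
                            $expected = isset($_SESSION['code']) ? (string) $_SESSION['code'] : '';
                            unset($_SESSION['code']);
                            if ($expected !== '' and $expected === (string) $code) {
                                mysql_query("INSERT INTO $type SET `text` = '$text', `time` = '".TIME."'");
                                $_SESSION['antispam'] = TIME + $config['antispam'];
                                redirect('?');
                            } else {
                                error($lang['incorrect_code']);
                                nav('?act=reply&id='.$id);
                            }
                        } else {
                            redirect('?act=reply&id='.$id);
                        }
                    } else {
                        redirect('?');
                    }
                } else {
                    error($lang['antispam'].' '.$config['antispam'].' sec');
                    nav('?');
                }
            } else {
                // Show the reply form, pre-filled with the addressee's name.
                tp('<a href="?">'.$title.'</a>» ответить');
                echo '<div class="body"><form name="form" action="?act=reply&id='.$id.'&ok=1" method="post">
'.bbpanel('form', 'text').'<textarea name="text" cols="" rows="3">[b]'.username($msg['id_user']).'[/b], </textarea><br />';
                if (!$u['id']) {
                    echo '<img src="../images/code.php" alt="" /> провер. код:<br /><input name="code" maxlength="5" size="12" /><br />';
                }
                echo '<input name="submit" type="submit" value="Ok" />
</form>
<a href="?">'.$title.'</a>» ответить
</div>';
            }
        } else {
            redirect('?');
        }
        break;

    case 'edit':
        if ($u['id']) {
            $id = isset($_GET['id']) ? abs(intval($_GET['id'])) : 0;
            $book_r = mysql_query("SELECT * FROM $type WHERE `id` = '$id'");
            $book = mysql_fetch_assoc($book_r);
            if ($book['text']) {
                // Same rule as the edit link in the listing: elevated access,
                // or the author inside the edit window. Checked again here
                // because the link being hidden does not stop a direct request.
                if ($u['access'] > 0 or $u['id'] == $book['id_user'] and TIME - $book['time'] < $config['edit_time']) {
                    tp('<a href="?">'.$title.'</a>» ре-ть');
                    echo '<div class="body">';
                    if (empty($ok)) {
                        echo '<form name="form" action="?act=edit&id='.$id.'&ok=1" method="post">
'.bbpanel('form', 'text').'<textarea name="text" cols="" rows="3">'.$book['text'].'</textarea>
<input name="submit" type="submit" value="Ok" />
</form>
<a href="?">'.$title.'</a>» ре-ть
</div>';
                    } else {
                        if (!empty($_POST['text'])) {
                            $text = check($_POST['text']);
                            mysql_query("UPDATE $type SET `text` = '$text', `edit_by` = '$u[id]', `edit_time` = '".TIME."' WHERE `id` = '$id'");
                            redirect('?');
                        } else {
                            redirect('?act=edit&id='.$id);
                        }
                    }
                } else {
                    redirect('?');
                }
            } else {
                redirect('?');
            }
        } else {
            redirect('login.php');
        }
        break;

    case 'del':
        // access(2) gates deletion; its exact semantics are defined outside
        // this file.
        if (access(2)) {
            $id = isset($_GET['id']) ? abs(intval($_GET['id'])) : 0;
            $msg_r = mysql_query("SELECT `id` FROM $type WHERE `id` = '$id'");
            if (mysql_num_rows($msg_r)) {
                // Remove dependent votes first, then the message itself.
                mysql_query("DELETE FROM `voting` WHERE `type` = '$type' and `id_for` = '$id'");
                mysql_query("DELETE FROM $type WHERE `id` = '$id'");
            }
        }
        redirect('?');
        break;
}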
require_once '../includes/tail.php';
?>